There are two Publix supermarkets within about 5 minutes of The Omnivore's house and they are the preferred location for omnivorous shopping. I certainly might have. I looked over the email, scanning it for signs of phishing. They used my proper name (a good sign). They had the last 4 digits of my card (a good sign). The English was all perfect.
I examined the shopping time: TODAY. I certainly hadn't been to the supermarket today. I clicked NO and the email indicated they'd call me later to check in.
They did. There was another charge--also around 50 dollars (but not exactly) at Walgreen's. The Omnivore lives next to a Walgreen's so ... maybe--but, again, not on that date.
Both charges were denied. The card was canceled. All's good.
I asked "What exactly happened? Where were these charges made?"
I was told: "The card was cloned" meaning a physical card was imprinted with my number and used in person--and they were made in Miami. Miami is about 36 minutes away from my home. I regularly travel further than that (albeit north) on a weekly basis.
These are the kinds of places I shop.
The amounts are not unusual.
The location is not far from me--nor is it that I never go to Miami.
How the heck did Chase decide to question these charges?
How Did Chase Decide About 100 Bucks of Groceries Might Be Fraudulent?
I don't know the answer for sure but I have a very good guess: Big Data. The practice of data mining can produce fairly creepy results. Twitter knows when you're going to get sick (maybe before you do). Target knows if you're pregnant ... and if they think you're spending enough money with them.
|That's a LOT of Predictive Behavior|
In this case something about the behavior met a pattern that triggered a Fraud Alert and the system sprang into action ... accurately. What was it? There's a Wallgreen's a block away--it's probably the same one (they were using a physical card so it would make sense to hit two places close by).
What Do Credit Cards Agencies Know?
Well, it's unlikely that they know the specific items that were purchased. Credit Card transactions come with a Merchant Category Code (MCC) and when, where, and how much was spent. So if the guy was buying, I don't know, tons of lobster (a rare purchase for me) that by itself wouldn't trigger it.
The stores themselves do know know what you buy and some of them use it (especially if the store offers its own lines of credit: people who buy premium wild birdseed are bad credit risks!).
The best guess is that something about the "where" and "when" (a time when I am at work) was enough to trigger it.
What About Profiling?
If the credit card company knowing I'm supposed to be at work 29.5 miles away from where the card is being used is kinda creepy, what else might they and insurance companies know? It turns out that they spend a good amount of work trying to "profile" you--and the profiles? They are not pretty.
For example, a credit card company will know how often you check your balance--and when. If it's in the middle of the night? Maybe you're up late worried. They'll see changes in behavior (using the card suddenly to buy groceries when you usually don't). These things will trigger different kinds of alerts (maybe he's not gonna pay us!)
But the worst thing is when you wind up on a list.
That link is to Beach List Direct which sells lists of customers for direct marketing. Some of the categories are good ones:
- Wealthy Seasoned Travelers
- Investors with Wealth
- Or maybe "Magnificent Milestones" (you're getting married!)
But do you want to be on:
- Dealing With Divorce?
- Or Suffering Seniors (55+ aliment suffers)
- How would they determine you're Overcoming Erectile Dysfunction? And if you do overcome it ... are you off the list?
Indeed, some of these agencies seem to be directly marketing to suckers:
For example, the New York Times has reported on telemarketing criminals that succeeded in raiding the banking account of a 92-year old Army veteran. Data broker InfoUSA sold his name and contact information to a scam artist. As detailed in the Times’ account, InfoUSA advertised lists such as “Elderly Opportunity Seekers,” described as older people “looking for ways to make money;” “Suffering Seniors,” older people with cancer or Alzheimers disease; and “Oldies but Goodies,” people described as “gullible . . . [who] want to believe their luck can change.”Good going InfoUSA. So clearly this data-mining is a mixed blessing.
The Scary Stuff
So here's the big question: companies like Amazon and Google have far more insight into my life than just a Credit Card company (although I have an Amazon card as well so they have that too). I'm surprised Google isn't in the credit business already (Google Wallet notwithstanding).
A company that can read my email can know a lot about me. Here's a visualization from Immersion, a MIT demo that visualizes your email relationships. Unfortunately I'm posting it here WITHOUT the identifying information: it's just too personal. Each dot represents a person I email with. The larger the dot, the more emails. Lines indicate a lot of connection and, possibly, who introduced who to me.
|That Big Dot In The Middle I Transact Most With? NOT My Wife ...|
Already these online pictures of us are being used behind the scenes in job interviews, police investigations, and, in the very near future, I'm sure, political campaigns.
Maybe when the next generation of candidates start finding their own online-lives being data-mined for use against them we'll see some additional privacy laws.